Spam email in queue using non-existent email account on locally hosted domain

HMTKSteve (Verified User, joined Jan 18, 2009, 78 messages)
I am having a problem where my server is accepting email generated remotely using a non-existent email address.

I have gone through the logs and the settings for this one domain and the domain is set to bounce incoming mail for non-existent addresses but I can't see anything dealing with relaying mail sent from non-existent addresses.

2011-01-16 04:03:21 1PeO8U-0006WY-WD => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=2023 H=smtp.aliceposta.it [82.57.200.133] C="250 <4C1A1DE62A7844FB> Mail accepted"
2011-01-16 04:03:21 1PeO8U-0006WY-WD Completed

2011-01-16 04:12:21 1PeOdL-0006xe-4L => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=1987 H=mail3.zonnet.nl [62.58.50.86] C="250 ok 1295169334 qp 27860 by mail3.versatel.nl"
2011-01-16 04:12:21 1PeOdL-0006xe-4L Completed

This particular domain has only the default domain email active on it yet spam is being relayed through the domain.

This spamming has now resulted in my ip being blocked by several of the major ISPs. How do I fix this problem?
 
Do you whitelist yellowpole.com? If so, then all email from a return address at yellowpole.com will be accepted, even for relay. Given that the domain is hosted by you, that's the most likely scenario.

If not:

Do you whitelist the IP# the mail is coming from, or the server the mail is coming from? If so then all email from that server will be accepted, even for relay.

If neither is true then check the IP# against any DNS-based whitelists in your configuration to make sure the mail-server used by the spammy server isn't whitelisted therein.

Jeff
 
I'm using the default conf file that is installed along with directadmin.

How can I set it so that only email that originates from localhost is sent out? (Webmail and server-originating scripts only.)
 
Since you didn't answer my questions I really can't help you figure out the problem.

So I'll move on to your second question...

Do you really want to disallow anyone (even you) from using your server for outgoing email? If you do this then all users who use their local (desktop/laptop) system to send email will have to use their ISP's mail server.

Jeff
 
I have found part of the problem: a dictionary attack on my mail server.

What can I use to automate the process of blocking IPs that have multiple failed login/password attempts on my server?
 
Check these forums for the various firewalls available for your OS Distribution. Some of them automate IP blocking.

Jeff
 